CVE-2003-0131 — Openssl vulnerability

7 documents7 sources

Severity

7.5HIGHNVD

EPSS

17.9%

top 4.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedMar 24

Latest updateMay 3

Description

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/openssl< openssl 0.9.7b-1 (bookworm)

▶Debianopenssl/openssl< 0.9.7b-1+3

▶NVDopenssl/openssl11 versions+10

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-6rjg-j93g-96pp: The SSL and TLS components for OpenSSL 0↗2022-05-03

▶

OSV

CVE-2003-0131: The SSL and TLS components for OpenSSL 0↗2003-03-24

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-03-19

▶

Debian

CVE-2003-0131: openssl - The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a all...↗2003

▶

📄Research Papers

arXiv

Revisiting and Evaluating Software Side-channel Vulnerabilities and Countermeasures in Cryptographic Applications↗2019-12-12

▶

💬Community

Bugzilla

CVE-2003-0131 security flaw↗2018-08-16

▶